feat: add --trust CLI and remote.trust config for remote tasks #2491
+327
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Maciej Lech <maciej.lech@mlit.pro>
|
Looking forward to this feature! |
SamK
reviewed
Nov 27, 2025
| // Extract host from server URL for trust testing | ||
| parsedURL, err := url.Parse(srv.URL) | ||
| require.NoError(t, err) | ||
| trustedHost := parsedURL.Host |
Contributor
There was a problem hiding this comment.
Can't I trust URLs? I trust github.com/myself but I don't trust github.com/shady.
Author
There was a problem hiding this comment.
I was thinking about that, but using URLs requires more assumptions how to compare provided URL with the trust config.
- Exact match, so full URL comparison. In my case it would require configuring every single remote taskfiles (more than dozen now) which is not a big deal, but may not be a best DX.
- Prefix match. A problem: I want to trust
https://github.com/myselfbut nothttps://github.com/myselfHackedByShady- which could be easily solved by settinghttps://github.com/myself/and nothttps://github.com/myself. So maybe this is the best way. - Glob-like style:
https://github.com/myself/*or extended versionhttps://github.com/myself/**/* - Regex:
https:\/\/github\.com\/myself\/.*
vmaerten
reviewed
Nov 29, 2025
Member
vmaerten
left a comment
vmaerten
left a comment
There was a problem hiding this comment.
Thanks for your PR!
I would prefer using trusted-hosts instead of trust (both in the CLI and in the config file).
- It's more explicit, even if it's longer
- Tools like pip already use this flag (see: https://pip.pypa.io/en/stable/cli/pip/#cmdoption-trusted-host)
- Using the CLI with comma-separated values (
--trusted-hosts a.com,b.com) avoids repeating the flag name
Author
Thank you for your feedback. Yes, I stumbled across PIP when I was searching for similar implementations. Although, |
vmaerten
reviewed
Dec 6, 2025
Comment on lines
157
to
244
| pflag.StringVar(&TrustedHosts, "trusted-hosts", strings.Join(config.Remote.TrustedHosts, ","), "Comma-separated list of trusted hosts for remote Taskfiles.") | ||
| pflag.DurationVar(&Timeout, "timeout", getConfig(config, func() *time.Duration { return config.Remote.Timeout }, time.Second*10), "Timeout for downloading remote Taskfiles.") | ||
| pflag.BoolVar(&ClearCache, "clear-cache", false, "Clear the remote cache.") | ||
| pflag.DurationVar(&CacheExpiryDuration, "expiry", getConfig(config, func() *time.Duration { return config.Remote.CacheExpiry }, 0), "Expiry duration for cached remote Taskfiles.") | ||
| } | ||
| pflag.Parse() | ||
| } | ||
|
|
||
| func Validate() error { | ||
| if Download && Offline { | ||
| return errors.New("task: You can't set both --download and --offline flags") | ||
| } | ||
|
|
||
| if Download && ClearCache { | ||
| return errors.New("task: You can't set both --download and --clear-cache flags") | ||
| } | ||
|
|
||
| if Global && Dir != "" { | ||
| return errors.New("task: You can't set both --global and --dir") | ||
| } | ||
|
|
||
| if Output.Name != "group" { | ||
| if Output.Group.Begin != "" { | ||
| return errors.New("task: You can't set --output-group-begin without --output=group") | ||
| } | ||
| if Output.Group.End != "" { | ||
| return errors.New("task: You can't set --output-group-end without --output=group") | ||
| } | ||
| if Output.Group.ErrorOnly { | ||
| return errors.New("task: You can't set --output-group-error-only without --output=group") | ||
| } | ||
| } | ||
|
|
||
| if List && ListAll { | ||
| return errors.New("task: cannot use --list and --list-all at the same time") | ||
| } | ||
|
|
||
| if ListJson && !List && !ListAll { | ||
| return errors.New("task: --json only applies to --list or --list-all") | ||
| } | ||
|
|
||
| if NoStatus && !ListJson { | ||
| return errors.New("task: --no-status only applies to --json with --list or --list-all") | ||
| } | ||
|
|
||
| if Nested && !ListJson { | ||
| return errors.New("task: --nested only applies to --json with --list or --list-all") | ||
| } | ||
|
|
||
| return nil | ||
| } | ||
|
|
||
| // WithFlags is a special internal functional option that is used to pass flags | ||
| // from the CLI into any constructor that accepts functional options. | ||
| func WithFlags() task.ExecutorOption { | ||
| return &flagsOption{} | ||
| } | ||
|
|
||
| type flagsOption struct{} | ||
|
|
||
| func (o *flagsOption) ApplyToExecutor(e *task.Executor) { | ||
| // Set the sorter | ||
| var sorter sort.Sorter | ||
| switch TaskSort { | ||
| case "none": | ||
| sorter = sort.NoSort | ||
| case "alphanumeric": | ||
| sorter = sort.AlphaNumeric | ||
| } | ||
|
|
||
| // Change the directory to the user's home directory if the global flag is set | ||
| dir := Dir | ||
| if Global { | ||
| home, err := os.UserHomeDir() | ||
| if err == nil { | ||
| dir = home | ||
| } | ||
| } | ||
|
|
||
| // Parse comma-separated trusted hosts | ||
| var trustedHosts []string | ||
| if TrustedHosts != "" { | ||
| for host := range strings.SplitSeq(TrustedHosts, ",") { | ||
| if trimmed := strings.TrimSpace(host); trimmed != "" { | ||
| trustedHosts = append(trustedHosts, trimmed) | ||
| } | ||
| } | ||
| } |
Member
There was a problem hiding this comment.
You do not need this, pflag already support it with StringSliceVar cf: https://pkg.go.dev/github.com/spf13/pflag#StringSliceVar
Member
There was a problem hiding this comment.
So, we can simplify and use StringSliceVar. This way we support either --trusted-hosts="a.com,b.com" either --trusted-hosts="a.com" --trusted-hosts="b.com"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements the feature discussed in #2473.
It introduces a new --trust CLI flag and a corresponding remote.trust configuration option in taskrc. These options are available when the Remote Taskfiles experiment is enabled.
The --trust flag can be specified multiple times to define trusted hosts (optionally including ports). Any remote Taskfiles fetched from these trusted hosts will not prompt for confirmation on their initial download or when their checksums change.
Closes #2473